Mercurial > dropbear
view debian/changelog @ 1930:299f4f19ba19
Add /usr/sbin and /sbin to default root PATH

When dropbear is used in a very restricted environment (such as in an
initrd), the default user shell is often also very restricted
and doesn't take care of setting the PATH so the user ends up
with the PATH set by dropbear. Unfortunately, dropbear always
sets "/usr/bin:/bin" as default PATH even for the root user
which should have /usr/sbin and /sbin too.

For a concrete instance of this problem, see the "Remote Unlocking"
section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/
It speaks of a bug in the initramfs script because it's written "blkid"
instead of "/sbin/blkid"... this is just because the scripts from the
initramfs do not expect to have a PATH without the sbin directories and
because dropbear is not setting the PATH appropriately for the root user.

I'm thus suggesting to use the attached patch to fix this misbehaviour (I
did not test it, but it's easy enough). It might seem anecdotic but
multiple Kali users have been bitten by this.

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
author | Raphael Hertzog <hertzog@debian.org> |
---|---|
date | Mon, 09 Jul 2018 16:27:53 +0200 |
parents | 4b984c42372d |
children | 77bc00dcc19f |
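
The lookup failure described in the commit message above, as an added example (not code from dropbear or from the patch): a small checker that lists which commands cannot be resolved under a given PATH inside an unpacked initramfs tree. The function names, the sample tree and the ordering of the extended PATH are assumptions made for illustration; the page only states that /usr/sbin and /sbin are added.

```shell
#!/bin/sh
# Added example: report which commands cannot be found under a given PATH
# inside an unpacked initramfs tree. Function names are hypothetical.

# unresolved ROOT PATH_VALUE CMD...
# Prints every CMD that has no executable file in any PATH_VALUE directory
# below ROOT (ROOT is prepended to each directory).
unresolved() {
    root=$1
    path_value=$2
    shift 2
    for cmd in "$@"; do
        found=no
        old_ifs=$IFS
        IFS=:
        for dir in $path_value; do
            [ -n "$dir" ] || continue   # skip empty PATH elements
            if [ -f "$root$dir/$cmd" ] && [ -x "$root$dir/$cmd" ]; then
                found=yes
                break
            fi
        done
        IFS=$old_ifs
        [ "$found" = yes ] || printf '%s\n' "$cmd"
    done
}

# Constructed sample tree (not a real initramfs): sh lives in /bin and
# blkid in /sbin, matching the "blkid" vs "/sbin/blkid" case above.
make_sample_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/sbin" "$root/usr/bin" "$root/usr/sbin"
    for f in bin/sh sbin/blkid; do
        printf '#!/bin/sh\n' > "$root/$f" && chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

sample=$(make_sample_root) || exit 1
# PATH that the commit message says dropbear sets for every user.
echo "missing with /usr/bin:/bin: $(unresolved "$sample" /usr/bin:/bin sh blkid)"
# PATH with the sbin directories added (ordering assumed).
echo "missing with sbin added: $(unresolved "$sample" /usr/sbin:/usr/bin:/sbin:/bin sh blkid)"
rm -rf "$sample"
```

Pointing `unresolved` at a real unpacked initramfs and the commands its hook scripts call by bare name shows which of them depend on the sbin directories being in PATH.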
dropbear (2020.81-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 29 Oct 2020 22:51:57 +0800

dropbear (2020.80-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Fri, 26 Jun 2020 22:51:57 +0800

dropbear (2020.79-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Mon, 15 Jun 2020 22:51:57 +0800

dropbear (2019.78-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 27 Mar 2019 22:51:57 +0800

dropbear (2019.77-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Sat, 23 Mar 2019 22:51:57 +0800

dropbear (2018.76-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Tue, 27 Feb 2018 22:51:57 +0800

dropbear (2017.75-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 18 May 2017 22:51:57 +0800

dropbear (2016.74-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 21 Jul 2016 22:51:57 +0800

dropbear (2016.73-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Fri, 18 Mar 2016 22:52:58 +0800

dropbear (2016.72-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 10 Mar 2016 22:52:58 +0800

dropbear (2015.70-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 26 Nov 2015 22:52:58 +0800

dropbear (2015.69-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 25 Nov 2015 22:52:58 +0800

dropbear (2015.68-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Sat, 8 Aug 2015 22:52:58 +0800

dropbear (2015.67-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 28 Jan 2015 22:53:59 +0800

dropbear (2014.66-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 23 Oct 2014 22:54:00 +0800

dropbear (2014.65-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Fri, 8 Aug 2014 22:54:00 +0800

dropbear (2014.64-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Sun, 27 Jul 2014 22:54:00 +0800

dropbear (2014.63-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 19 Feb 2014 22:54:00 +0800

dropbear (2013.62) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Tue, 7 Dec 2013 22:54:00 +0800

dropbear (2013.60-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 16 Oct 2013 22:54:00 +0800

dropbear (2013.59-0.1) unstable; urgency=low

  * New upstream release.
  * Build with DEB_BUILD_MAINT_OPTIONS = hardening=+all

 -- Matt Johnston <[email protected]>  Fri, 4 Oct 2013 22:54:00 +0800

dropbear (2013.58-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 18 Apr 2013 22:54:00 +0800

dropbear (2013.57-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Mon, 15 Apr 2013 22:54:00 +0800

dropbear (2013.56-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 21 Mar 2013 22:54:00 +0800

dropbear (2012.55-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 22 Feb 2012 22:54:00 +0800

dropbear (2011.54-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Tues, 8 Nov 2011 22:54:00 +0800

dropbear (0.53.1-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 2 Mar 2011 22:54:00 +0900

dropbear (0.53-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 24 Feb 2011 22:54:00 +0900

dropbear (0.52-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 12 Nov 2008 22:54:00 +0900

dropbear (0.51-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 27 Mar 2008 19:14:00 +0900

dropbear (0.50-4) unstable; urgency=low

  * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB formatted dependency info in init.d script (closes: #466257).
  * debian/rules: no longer include symlinks for ./supervise/ subdirectories.
  * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed by runit, remove service, and re-add using update-service(8).
  * debian/control: Standards-Version: 3.7.3.0.
  * debian/rules: target clean: don't ignore errors but check for readable ./Makefile.

 -- Gerrit Pape <[email protected]>  Thu, 06 Mar 2008 19:06:58 +0000

dropbear (0.50-3) unstable; urgency=low

  * debian/dropbear.init: use the update-service(8) program from the runit package instead of directly checking for the symlink in /var/service/.
  * debian/README.runit: talk about update-service(8) instead of symlinks in /var/service/.

 -- Gerrit Pape <[email protected]>  Fri, 15 Feb 2008 00:32:37 +0000

dropbear (0.50-2) unstable; urgency=low

  * debian/dropbear.README.Debian: no longer talk about entropy from /dev/random, /dev/urandom is now used by default (thx Joey Hess, closes: #441515).

 -- Gerrit Pape <[email protected]>  Mon, 24 Sep 2007 16:49:17 +0000

dropbear (0.50-1) unstable; urgency=low

  * debian/README.runit: minor.
  * new upstream version.
  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: remove; fixed upstream.

 -- Gerrit Pape <[email protected]>  Thu, 09 Aug 2007 23:01:01 +0000

dropbear (0.49-2) unstable; urgency=low

  * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of -p0.
  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: new; options.h: use /dev/urandom instead of /dev/random as DROPBEAR_RANDOM_DEV (closes: #386976).
  * debian/rules: target clean: remove libtomcrypt/Makefile, libtommath/Makefile.

 -- Gerrit Pape <[email protected]>  Sat, 09 Jun 2007 08:59:59 +0000

dropbear (0.49-1) unstable; urgency=high

  * new upstream release, fixes
  * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch (closes: #412899).
  * dbclient uses static "Password:" prompt instead of using the server's prompt (closes: #394996).
  * debian/control: Suggests: openssh-client, not ssh (closes: #405686); Standards-Version: 3.7.2.2.
  * debian/README.Debian: ssh -> openssh-server, openssh-client; remove 'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not installing the openssh-server package.
  * debian/README.runit: runsvstat -> sv status.

 -- Gerrit Pape <[email protected]>  Fri, 2 Mar 2007 20:48:18 +0000

dropbear (0.48.1-1) unstable; urgency=medium

  * new upstream point release.
  * Compile fix for scp
  * debian/diff/dbclient.1.diff: new: document -R option to dbclient accurately (thx Markus Schaber; closes: #351882).
  * debian/dropbear.README.Debian: document a workaround for systems with possibly blocking /dev/random device (closes: #355414)..

 -- Gerrit Pape <[email protected]>  Sun, 16 Apr 2006 16:16:40 +0000

dropbear (0.48-1) unstable; urgency=medium

  * New upstream release.
  * SECURITY: Improve handling of denial of service attempts from a single IP.
  * debian/implicit: update to revision 1.11.
  * new upstream release updates to scp from OpenSSH 4.3p2 - fixes a security issue where use of system() could cause users to execute arbitrary code through malformed filenames; CVE-2006-0225 (see also #349645); the scp binary is not provided by this package though.

 -- Gerrit Pape <[email protected]>  Fri, 10 Mar 2006 22:00:32 +0000

dropbear (0.47-1) unstable; urgency=high

  * New upstream release.
  * SECURITY: Fix incorrect buffer sizing; CVE-2005-4178.

 -- Matt Johnston <[email protected]>  Thu, 8 Dec 2005 19:20:21 +0800

dropbear (0.46-2) unstable; urgency=low

  * debian/control: Standards-Version: 3.6.2.1; update descriptions to mention included server and client (thx Tino Keitel).
  * debian/dropbear.init: allow '/etc/init.d/dropbear stop' even though 'NO_START is not set to zero.' (closes: #336723).

 -- Gerrit Pape <[email protected]>  Tue, 6 Dec 2005 13:30:49 +0000

dropbear (0.46-1) unstable; urgency=medium

  * New upstream release, various fixes.
  * debian/diff/dbclient-usage-typo.diff, debian/diff/manpages.diff: remove; obsolete.
  * debian/dbclient.1: move to ./dbclient.1.

 -- Matt Johnston <[email protected]>  Fri, 8 July 2005 21:32:55 +0800

dropbear (0.45-3) unstable; urgency=low

  * debian/dropbear.init: init script prints human readable message in case it's disabled (closes: #309099).
  * debian/dropbear.postinst: configure: restart service through init script instead of start.
  * debian/dropbear.prerm: set -u -> set -e.

 -- Gerrit Pape <[email protected]>  Wed, 25 May 2005 22:38:17 +0000

dropbear (0.45-2) unstable; urgency=low

  * Matt Johnston:
  * New upstream release, various fixes.

 -- Gerrit Pape <[email protected]>  Sat, 12 Mar 2005 15:17:55 +0000

dropbear (0.44-1) unstable; urgency=low

  * New upstream release.
  * debian/rules: install /usr/bin/dbclient; handle possible patches more gracefully; install debian/dbclient.1 man page; enable target patch; minor.
  * debian/implicit: update to revision 1.10.
  * debian/dbclient.1: new; man page.
  * debian/diff/dbclient-usage-typo.diff: new; fix typo.
  * debian/diff/manpages.diff: new; add references to dbclient man page.

 -- Gerrit Pape <[email protected]>  Sat, 8 Jan 2005 22:50:43 +0000

dropbear (0.43-2) unstable; urgency=high

  * Matt Johnston:
  * New upstream release 0.43
  * SECURITY: Don't attempt to free uninitialised buffers in DSS verification code
  * Handle portforwarding to servers which don't send any initial data (Closes: #258426)
  * debian/dropbear.postinst: remove code causing bothersome warning on package install (closes: #256752).
  * debian/README.Debian.diet: new; how to build with the diet libc.
  * debian/dropbear.docs: add debian/README.Debian.diet.
  * debian/rules: support "diet" in DEB_BUILD_OPTIONS; minor cleanup.

 -- Gerrit Pape <[email protected]>  Sat, 17 Jul 2004 19:31:19 +0000

dropbear (0.42-1) unstable; urgency=low

  * New upstream release 0.42.
  * debian/diff/cvs-20040520.diff: remove; obsolete.
  * debian/rules: disable target patch.

 -- Matt Johnston <[email protected]>  Wed, 16 June 2004 12:44:54 +0800

dropbear (0.41-3) unstable; urgency=low

  * 1st upload to the Debian archive (closes: #216553).
  * debian/diff/cvs-20040520.diff: new; stable cvs snapshot.
  * debian/rules: new target patch: apply diffs in debian/diff/, reverse apply in target clean; install man pages.
  * debian/control: Priority: optional.

 -- Gerrit Pape <[email protected]>  Sun, 23 May 2004 08:32:37 +0000

dropbear (0.41-2) unstable; urgency=low

  * new maintainer.
  * debian/control: no longer Build-Depends: debhelper; Build-Depends: libz-dev; Standards-Version: 3.6.1.0; Suggests: runit; update descriptions.
  * debian/rules: stop using debhelper, use implicit rules; cleanup; install dropbearconvert into /usr/lib/dropbear/.
  * debian/impicit: new; implicit rules.
  * debian/copyright.in: adapt.
  * debian/dropbear.init: minor adaptions; test for dropbear service directory.
  * debian/README.runit: new; how to use dropbear with runit.
  * debian/README.Debian, debian/docs: rename to debian/dropbear.*.
  * debian/dropbear.docs: add debian/README.runit
  * debian/conffiles: rename to debian/dropbear.conffiles; add init script, and run scripts.
  * debian/postinst: rename to debian/dropbear.postinst; adapt; use invloke-rc.d dropbear start.
  * debian/dropbear.prerm: new; invoke-rc.d dropbear stop.
  * debian/postrm: rename to debian/dropbear.postrm; adapt; clean up service directories.
  * debian/compat, debian/dirs, dropbear.default: remove; obsolete.

 -- Gerrit Pape <[email protected]>  Sun, 16 May 2004 16:50:55 +0000

dropbear (0.41-1) unstable; urgency=low

  * Updated to 0.41 release.
  * Various minor fixes

 -- Matt Johnston <[email protected]>  Mon, 19 Jan 2004 23:20:54 +0800

dropbear (0.39-1) unstable; urgency=low

  * updated to 0.39 release. Some new features, some bugfixes.

 -- Matt Johnston <[email protected]>  Tue, 16 Dec 2003 16:20:54 +0800

dropbear (0.38-1) unstable; urgency=medium

  * updated to 0.38 release - various important bugfixes

 -- Matt Johnston <[email protected]>  Sat, 11 Oct 2003 16:28:54 +0800

dropbear (0.37-1) unstable; urgency=medium

  * updated to 0.37 release - various important bugfixes

 -- Matt Johnston <[email protected]>  Wed, 24 Sept 2003 19:43:54 +0800

dropbear (0.36-1) unstable; urgency=high

  * updated to 0.36 release - various important bugfixes

 -- Matt Johnston <[email protected]>  Tues, 19 Aug 2003 12:20:54 +0800

dropbear (0.35-1) unstable; urgency=high

  * updated to 0.35 release - contains fix for remotely exploitable vulnerability.

 -- Matt Johnston <[email protected]>  Sun, 17 Aug 2003 05:37:47 +0800

dropbear (0.34-1) unstable; urgency=medium

  * updated to 0.34 release

 -- Matt Johnston <[email protected]>  Fri, 15 Aug 2003 15:10:00 +0800

dropbear (0.33-1) unstable; urgency=medium

  * updated to 0.33 release

 -- Matt Johnston <[email protected]>  Sun, 22 Jun 2003 22:22:00 +0800

dropbear (0.32cvs-1) unstable; urgency=medium

  * now maintained in UCC CVS
  * debian/copyright.in file added, generated from LICENSE

 -- Grahame Bowland <[email protected]>  Tue, 21 Jun 2003 17:57:02 +0800

dropbear (0.32cvs-1) unstable; urgency=medium

  * sync with CVS
  * fixes X crash bug

 -- Grahame Bowland <[email protected]>  Tue, 20 Jun 2003 15:04:47 +0800

dropbear (0.32-2) unstable; urgency=low

  * fix creation of host keys to use correct names in /etc/dropbear
  * init script "restart" function fixed
  * purging this package now deletes the host keys and /etc/dropbear
  * change priority in debian/control to 'standard'

 -- Grahame Bowland <[email protected]>  Tue, 17 Jun 2003 15:04:47 +0800

dropbear (0.32-1) unstable; urgency=low

  * Initial Release.

 -- Grahame Bowland <[email protected]>  Tue, 17 Jun 2003 15:04:47 +0800